Why can't an authorized user login via LDAP?

thelucas
Explorer

I have successfully configured LDAP to my organization's Active Directory and have several strategies configured; we have a massive disorganized domain, so I need to create multiple strategies to keep the returned results within the search time/size limits.

I have one strategy that works just fine for the OU that it points to. However all other strategies (each pointing to different OUs) fail when users attempt to login with the following errors:

AuthenticationManagerLDAP - Could not find user="somebody01" with strategy="Strategy 1"
AuthenticationManagerLDAP - Could not find user="somebody01" with strategy="Strategy 2"
AuthenticationManagerLDAP - Could not find user="somebody01" with strategy="Strategy 3"
AuthenticationManagerLDAP - Could not find user="somebody01" with strategy="Strategy 4"
AuthenticationManagerLDAP - Could not find user="somebody01" with strategy="Strategy 5"

The user "somebody01" is discoverable via "Strategy 2" and, in fact, enumerates when I browse to Settings > Access controls > Authentication method > LDAP strategies > (Strategy 2) Map groups > "theRelevantGroup-GG".

I have tested using Domain Local vs. Domain Global Groups, rearranged the connection order (no connection errors, so this was a shot in the dark), and adjusted my DN strings (however I am confident these are all correct, i.e. no errors upon Strategy save and, as indicated above, user enumeration in the web GUI group mapping), and the results are the same.

I have searched for days and cannot find a comparable post, but please link if my Google/Duckduckgo/Splunk Answers fu was not good enough.

Cheers.

0 Karma
1 Solution

thelucas
Explorer

Hi folks. I solved my problem.

My issue had to do with a misconfigured User Base DN. I was wrong in assuming that the users (Accounts) were stored in the same OU as their team's groups, when in fact the Accounts were one or two parent OUs above their respective team.

This was simply an oddity of how my organization organizes accounts, OUs, groups, etc. in Active Directory.

Happy Splunking!

0 Karma
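A quick way to validate a strategy's User Base DN against real account DNs before saving it, as an added example in Python (not part of the original thread or of Splunk's own code). The DN layout is constructed to mirror the situation described above: the team's group sits in a nested OU while the account lives one or two parent OUs higher.

```python
# Added example (not from the original post): check whether a Splunk LDAP
# strategy's userBaseDN actually contains a user's account DN, and compute
# the narrowest base DN that covers several DNs. All DNs below are constructed.

def split_dn(dn: str) -> list[str]:
    """Split a DN into normalized RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            parts.append("".join(cur).strip().lower())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip().lower())
    return [p for p in parts if p]

def dn_in_base(entry_dn: str, base_dn: str) -> bool:
    """True if entry_dn sits at or below base_dn (LDAP subtree scope)."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def common_base_dn(dns: list[str]) -> str:
    """Narrowest base DN whose subtree contains every DN given."""
    rdn_lists = [split_dn(d)[::-1] for d in dns]  # root first
    common = []
    for rdns in zip(*rdn_lists):
        if len(set(rdns)) != 1:
            break
        common.append(rdns[0])
    return ",".join(reversed(common))

# Constructed sample layout: the team's group is nested under the team OU,
# the account lives in a sibling OU one level above it (as in the post).
GROUP_DN = "CN=theRelevantGroup-GG,OU=Groups,OU=TeamA,OU=Dept,DC=example,DC=corp"
USER_DN = "CN=somebody01,OU=Users,OU=Dept,DC=example,DC=corp"
WRONG_USER_BASE = "OU=TeamA,OU=Dept,DC=example,DC=corp"  # strategy pointed here
RIGHT_USER_BASE = "OU=Dept,DC=example,DC=corp"           # parent OU holding accounts

if __name__ == "__main__":
    print("wrong base finds user:", dn_in_base(USER_DN, WRONG_USER_BASE))
    print("right base finds user:", dn_in_base(USER_DN, RIGHT_USER_BASE))
    print("narrowest base covering user and group:", common_base_dn([USER_DN, GROUP_DN]))
```

If the first check prints False for an account that should authenticate, the strategy's User Base DN is too deep; the narrowest common base is a starting point, but keep it no wider than the size/time limits of the search allow.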

richgalloway
SplunkTrust

If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

thelucas
Explorer

Thanks, I was waiting for mod approval.